Node.js minimist security issue even with v1.2.5
After installing express-handlebars and running "npm audit", I got a "low severity vulnerability" warning for minimist. npm says: "Patched in >=0.2.1 <1.0.0 || >=1.2.3"
https://npmjs.com/advisories/1179
So I upgraded to minimist v1.2.5, but I still get the security warning.
- Windows 10 Pro
- Node: v13.11.0
- npm: v6.14.3
- express: v4.17.1
- express-handlebars: v4.7.3
- minimist: v1.2.5
This is currently a known issue:
"@jimp/core": {
  "version": "0.8.5",
  "resolved": "https://registry.npmjs.org/@jimp/core/-/core-0.8.5.tgz",
  "integrity": "sha512-Jto1IdL5HYg7uE15rpQjK6dfZJ6d6gRjUsVCPW50nIfXgWizaTibFEov90W9Bj+irwKrX2ntG3e3pZUyOC0COg==",
  "requires": {
    "@jimp/utils": "^0.8.5",
    "any-base": "^1.1.0",
    "buffer": "^5.2.0",
    "core-js": "^2.5.7",
    "exif-parser": "^0.1.12",
    "file-type": "^9.0.0",
    "load-bmfont": "^1.3.1",
    "mkdirp": "0.5.1",
    "phin": "^2.9.1",
    "pixelmatch": "^4.0.2",
    "tinycolor2": "^1.4.1"
  },
  "dependencies": {
    "file-type": {
      "version": "9.0.0",
      "resolved": "https://registry.npmjs.org/file-type/-/file-type-9.0.0.tgz",
      "integrity": "sha512-Qe/5NJrgIOlwijpq3B7BEpzPFcgzggOTagZmkXQY4LA6bsXKTUstK7Wp12lEJ/mLKTpvIZxmIuRcLYWT6ov9lw=="
    },
    "mkdirp": {
      "version": "0.5.1",
      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
      "requires": {
        "minimist": "^0.0.8"
      },
      "dependencies": {
        "minimist": {
          "version": "^0.0.8",
          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
          "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
        }
      }
    }
Upgrade the minimist in the npm and follow the below steps
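Do not run the snippet above.
Check the highlighted image @ https://i.stack.imgur.com/0B0bq.png
I solved my problem by checking all the minimist entries in my package-lock.json file.
In my own case, mkdir requires minimist.
minimist was downgraded and it is required, so I went ahead and added "^" to the minimist version for the two files that require minimist (as shown in the attached code). The dependency that requires minimist can then pick up the latest version of minimist instead of version 0.0.8.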
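The audit warning in this thread persists because a second, nested copy of minimist sits under mkdirp while the top-level copy is already 1.2.5. The following is an added example, not code from any of the posts: it walks an npm v6 lockfile (lockfileVersion 1, nested "dependencies") and reports every minimist copy against the patched range quoted in the question. The names `findCopies` and `isPatched` are hypothetical, and the sample lockfile is constructed to mirror the excerpt above.

```javascript
// Added example: list every copy of a package recorded in an npm v6 lockfile
// and check it against the advisory's patched range: >=0.2.1 <1.0.0 || >=1.2.3.

// Parse "1.2.5" (or a hand-edited "^0.0.8") into [major, minor, patch].
function parseVersion(v) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Compare two [major, minor, patch] triples; negative when a < b.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

function isPatched(version) {
  const v = parseVersion(version);
  const legacyLine = cmp(v, [0, 2, 1]) >= 0 && cmp(v, [1, 0, 0]) < 0;
  return legacyLine || cmp(v, [1, 2, 3]) >= 0;
}

// Walk the nested "dependencies" tree, recording the chain that pulls in each copy.
function findCopies(node, name, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, dep];
    if (dep === name) {
      hits.push({ path: path.join(' > '), version: info.version, patched: isPatched(info.version) });
    }
    hits.push(...findCopies(info, name, path));
  }
  return hits;
}

// Constructed sample lockfile mirroring the situation on this page.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: '1.2.5' },
    '@jimp/core': {
      version: '0.8.5',
      dependencies: {
        mkdirp: { version: '0.5.1', dependencies: { minimist: { version: '0.0.8' } } },
      },
    },
  },
};

console.table(findCopies(sampleLock, 'minimist'));
```

To check a real project, pass the parsed lockfile instead of the sample, for example `findCopies(require('./package-lock.json'), 'minimist')`.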